Lucene search

[email protected]CVE-2016-1964

HistoryMar 13, 2016 - 6:59 p.m.

CVE-2016-1964

2016-03-1318:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2016-1964

firefox

vulnerability

remote code execution

denial of service

heap memory corruption

xml transformations

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.2%

JSON

Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.

CPENameOperatorVersion
oracle:linuxoracle linuxeq5.0
oracle:linuxoracle linuxeq6
oracle:linuxoracle linuxeq7
suse:linux_enterprisesuse linux enterpriseeq12.0
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
mozilla:firefox_esrmozilla firefox esreq38.0
mozilla:firefox_esrmozilla firefox esreq38.2.1
mozilla:firefox_esrmozilla firefox esreq38.1.0

CPE	Name	Operator	Version
oracle:linux	oracle linux	eq	5.0
oracle:linux	oracle linux	eq	6
oracle:linux	oracle linux	eq	7
suse:linux_enterprise	suse linux enterprise	eq	12.0
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2
mozilla:firefox_esr	mozilla firefox esr	eq	38.0
mozilla:firefox_esr	mozilla firefox esr	eq	38.2.1
mozilla:firefox_esr	mozilla firefox esr	eq	38.1.0